CLAIMS 

What is claimed is: 



1. A directory-enabled network element.

2. A directory-enabled network element as recited in Claim 1, comprising a directory
enabling element installed in and executed by the network element, and configured to
query, access, and update directory information that is managed by a directory service
of a network that includes the network element.

3. A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

an application programming interface coupled to the directory enabling element and
configured to receive directory services requests from application programs
and provide the directory services requests to the directory enabling element.

4. A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

an application programming interface coupled to the directory enabling element and
configured to receive directory services requests from application programs
and provide the directory services requests to the directory enabling element;

a locator service coupled to the directory enabling element and accessible using the
application programming interface and configured to locate servers that
provide the directory services in the network.

A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

a bind service in the directory enabling element and coupled to a security protocol and
configured to bind an external application program to the security protocol.

A directory-enabled network element as recited in Claim 2, further comprising a
Unicode translation service configured to query, access, and update directory
information that is encoded in a Unicode international character format.

A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

a locator service coupled to the directory enabling element and configured to locate
servers that provide the directory services in the network;

an event service coupled to the directory enabling element and configured to receive
registration of an event and an associated responsive action from an
application program, notify the application program when the event occurs,
and execute the associated responsive action in response thereto.

A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

an application programming interface coupled to the directory enabling element and
configured to receive directory services requests from application programs
and provide the directory services requests to the directory enabling element;

a locator service coupled to the directory enabling element and accessible using the
application programming interface and configured to locate servers that
provide the directory services in the network;

an event service coupled to the directory enabling element and accessible using the
application programming interface and configured to receive registration of an
event and an associated responsive action from an application program, notify
the application program when the event occurs, and execute the associated
responsive action in response thereto.

9. A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

a locator service coupled to the directory enabling element and configured to locate
servers that provide the directory services in the network;

a group policy interface coupled to the directory enabling element and configured to
receive and update the directory service with one or more definitions of
directory services policies that apply to groups of network devices in the
network.

10. A directory-enabled network element as recited in Claim 1, comprising:

a directory enabling element installed in and executed by the network element, and
configured to query, access, and update directory information that is managed
by a directory service of a network that includes the network element;

a bind service in the directory enabling element and coupled to a security protocol
and configured to bind an external application program to the security
protocol;

an event service coupled to the directory enabling element and accessible using the
application programming interface and configured to receive registration of an
event and an associated responsive action from an application program, notify
the application program when the event occurs, and execute the associated
responsive action in response thereto.



11. A directory-enabled packet router for a packet-switched network.

12. A directory-enabled packet router as recited in Claim 11, comprising:

a directory enabling element installed in and executed by the router, and configured to
query, access, and update directory information that is managed by a directory
service of a network that includes the router;

a bind service in the directory enabling element and coupled to a security protocol and
configured to bind an application program to the security protocol;

an event service coupled to the directory enabling element and accessible using the
application programming interface and configured to receive registration of an
event and an associated responsive action from an application program, notify
the application program when the event occurs, and execute the associated
responsive action in response thereto.

13. A directory-enabled network data switch for a packet-switched network.

14. A directory-enabled network data switch as recited in Claim 13, comprising:

a directory enabling element installed in and executed by the switch, and configured
to query, access, and update directory information that is managed by a
directory service of a network that includes the switch;

a bind service in the directory enabling element and coupled to a security protocol and
configured to bind an application program to the security protocol;

an event service coupled to the directory enabling element and accessible using the
application programming interface and configured to receive registration of an
event and an associated responsive action from an application program, notify
the application program when the event occurs, and execute the associated
responsive action in response thereto.

15. A method of using a directory-enabled network element to query, access, or update
directory information of a directory service of a network that includes the
directory-enabled network element, wherein the directory-enabled network element
comprises a directory enabling element installed in and executed by the network
element, and configured to query, access, and update directory information that is
managed by a directory service of a network that includes the network element; the
method comprising the steps of:

binding the application program to the security protocol;

creating an event and an associated responsive action that are associated with the
application program;

in response to occurrence of the event, executing the responsive action, obtaining
policy information from the directory service, and converting the policy
information into one or more commands that are executable by the
directory-enabled network element.

16. A computer-readable medium carrying one or more sequences of instructions for
using a directory-enabled network element to query, access, or update directory
information of a directory service of a network that includes the directory-enabled
network element, wherein execution of the one or more sequences of instructions by
one or more processors causes the one or more processors to perform the steps of:

creating and storing a directory enabling element installed in and executed by the
network element, and configured to query, access, and update directory
information that is managed by a directory service of a network that includes
the network element;

binding the application program to the security protocol;

creating an event and an associated responsive action that are associated with the
application program;

in response to occurrence of the event, executing the responsive action, obtaining
policy information from the directory service, and converting the policy
information into one or more commands that are executable by the
directory-enabled network element.



A computer-readable medium as recited in Claim 16, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more
processors to perform the further steps of:

locating a nearest directory server and binding the application program to the nearest
directory server that is located;

locating a nearest event server and binding the application program to the nearest
event server that is located.

A computer-readable medium as recited in Claim 16, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more
processors to perform the further steps of:

translating the policy information into one or more values that are ready to apply to a
router, whereby a virtual private network is created between the router and
another network device.

A computer-readable medium as recited in Claim 16, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more
processors to perform the further steps of:

translating the policy information into one or more values that are ready to apply to a
set of internal data structures of a router, by calling one or more internal NOS
API functions, whereby a dynamic IPSEC configuration is created that
connects the router and at least one other network device.



A computer-readable medium as recited in Claim 16, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more
processors to perform the further steps of establishing an application programming
interface coupled to the directory enabling element and configured to receive directory
services requests from application programs and provide the directory services
requests to the one or more processors.